Configuring a Name Server Not to Forward Certain Queries

3.17.1 Problem

You want to configure a name server not to forward queries for certain domain names.

3.17.2 Solution

Use a null (empty) forwarders substatement to override forwarding for queries that would otherwise be forwarded. For example:

    options {
        directory "/var/named";
        forwarders { 192.168.0.1; };
    };

    zone "foo.example" {
        type master;
        file "db.foo.example";
        forwarders {};    // empty list: overrides the global forwarders
    };

Note the empty list of forwarders.

A null forwarders substatement will work in master, slave, and stub zones.

3.17.3 Discussion

For primary master and slave zones, such as the primary master zone in the example above, it may not be obvious which queries the name server would forward. It's authoritative for foo.example, after all, so why would it ever forward a query for a domain name in the zone?

The answer is that the null forwarders list applies not just to domain names in the zone, but to any domain names that end in the domain name of the zone. So in this example, the name server wouldn't forward queries for domain names that ended in foo.example, even if those domain names were in delegated subdomains of foo.example.
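The suffix rule above can be checked against a configuration with a short script. This is an added example, not code from the book or from BIND: it is a simplified model that assumes the closest enclosing zone with a forwarders substatement wins, ignores comments and views, and uses a constructed sample in which the bar.example forward zone and the 192.168.0.2 address are hypothetical.

```python
import re

# Constructed sample: the recipe's configuration plus one hypothetical
# forward zone (bar.example) to show a non-empty per-zone override.
SAMPLE_CONF = '''
options { directory "/var/named"; forwarders { 192.168.0.1; }; };
zone "foo.example" { type master; file "db.foo.example"; forwarders {}; };
zone "bar.example" { type forward; forwarders { 192.168.0.2; }; };
'''

FWD_RE = re.compile(r'forwarders\s*\{([^}]*)\}')

def top_level_statements(conf):
    """Split on ';' at brace depth 0 (no comment or quoted-brace handling)."""
    depth, start, out = 0, 0, []
    for i, ch in enumerate(conf):
        if ch == '{':
            depth += 1
        elif ch == '}':
            depth -= 1
        elif ch == ';' and depth == 0:
            out.append(conf[start:i].strip())
            start = i + 1
    return out

def load(conf):
    """Return (global forwarders, {zone name: per-zone forwarders})."""
    global_fwd, zones = [], {}
    for stmt in top_level_statements(conf):
        m = FWD_RE.search(stmt)
        fwd = None if m is None else [a.strip() for a in m.group(1).split(';') if a.strip()]
        zone = re.match(r'zone\s+"([^"]+)"', stmt)
        if stmt.startswith('options'):
            global_fwd = fwd or []
        elif zone and fwd is not None:      # zones without the substatement inherit
            zones[zone.group(1).lower().rstrip('.')] = fwd
    return global_fwd, zones

def forwarders_for(qname, global_fwd, zones):
    """Forwarders that apply to qname; an empty list means 'do not forward'."""
    labels = qname.lower().rstrip('.').split('.')
    for i in range(len(labels)):            # longest suffix first, whole labels only
        suffix = '.'.join(labels[i:])
        if suffix in zones:
            return zones[suffix]
    return global_fwd

if __name__ == "__main__":
    g, z = load(SAMPLE_CONF)
    for name in ("www.foo.example", "host.sub.foo.example", "notfoo.example"):
        print(name, "->", forwarders_for(name, g, z) or "not forwarded")
```

Matching is on whole labels, so notfoo.example still goes to the global forwarder even though the string ends in "foo.example".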

If you need to override forwarding for some domain names but don't want to make the name server authoritative for the zone that contains them, use a stub zone, as described in Section 3.16. The name server will fetch only the zone's SOA and NS records, and it does so with discrete queries rather than a zone transfer.

There's no way to disable forwarding without at least configuring a stub zone, though. For example, you can't do this:

    zone "foo.example" {
        type forward;
        forwarders {};
    };

While this might turn off forwarding for domain names that end in foo.example, the name server won't know how to resolve those domain names without at least the foo.example NS records.

3.17.4 See Also

Recipes Section 3.15 and Section 3.16, and "Forward Zones" in Chapter 10 of DNS and BIND.
